Russia-linked hacking group led cyberattack on Texas water facility

WASHINGTON – CNN is reporting that a hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, experts from US cybersecurity firm Mandiant said Wednesday. The hack in the small town of Muleshoe, in north Texas, coincided with at least two other towns in north Texas taking precautionary defensive measures after detecting suspicious cyber activity on their networks, town officials told CNN. The FBI has been investigating the hacking activity, one of the officials said. The attack was a rare example of hackers using access to sensitive industrial equipment to disrupt regular operations at a US water facility, following a separate cyberattack last November on a Pennsylvania water plant that US officials blamed on Iran.

The cyber incidents in Texas also help explain a rare public appeal that US national security adviser Jake Sullivan made last month to state officials and water authorities to shore up their cyber defenses. Cyberattacks are hitting water and wastewater systems “throughout the United States” and state governments and water facilities must improve their defenses against the threat, Sullivan said in a joint letter with the Environmental Protection Agency chief to state officials. US officials have been concerned that many of the country’s 150,000 public water systems have struggled to find the cash and personnel to deal with persistent hacking threats from criminal and state actors. The Texas hacking incidents gained little national attention when they occurred as questions lingered about who was behind the activity. But on Wednesday, Mandiant publicly linked the channel on Telegram, a social media platform, where hackers claimed responsibility for the Muleshoe attack with previous hacking activity carried out by a notorious unit of Russia’s GRU military intelligence agency.